2. BYOD SECURITY THAT WORKS | BITGLASS | 2014 2
A Knife Fight in a Phone Booth:
How we got from BY-NO to BYO
The bring-your-own-device (BYOD) phenomenon hit enterprise
IT faster than a knife fight in a phone booth. You were cruising
along with your secure BlackBerry deployment and then your
CEO bought an iPhone and demanded access to her corporate
email. So you gave her access to the Microsoft Exchange
server, via Microsoft ActiveSync. Before long, iPhones started
popping up everywhere -- including the corporate cafeteria. A
few months later you checked the logs and found more than
2,000 of them were connected via ActiveSync! Yikes!
Given MDM’s failings, BYOD still presents a
significant challenge for most CIOs. In this
eBook, we take a step back and look at the larger
problem of implementing BYOD: Defining what
is important and protecting it. Cloud and mobile
technologies have changed the IT security
landscape irreversibly. Today, we access and
store data in radically different ways from a few
years ago. So why would we approach security in
the same old ways?
[Figure: The BYOD knife fight, as it unfolded on the web. Search interest for the term “BYOD”, 2005 to 2013. Source: http://www.google.com/trends/explore#q=BYOD]
If you’re like most IT security professionals, you
pushed back at first, urging employees to stick with
their BlackBerries. At some point, you realized
this strategy was a losing battle, so you decided to
embrace BYOD. You still weren’t sure how.
The Initial Response
The startup world stepped in to save the day, offering
up Mobile Device Management (MDM) as a solution.
It sounded great – now you could manage personal
mobile devices the same way you managed corporate-
owned laptops, locking down Bluetooth and iCloud and
blacklisting applications that threatened productivity
or screamed “data leak!”
Employees are People Too
But – as you might have predicted – people rebelled
against the monitoring and management of their
personal devices. If they wanted to back up their
personal information to iCloud or play Candy Crush on
their days off, they had a right to do so. Your MDM solution
turned out to be more expensive and complicated than
you thought. And honestly, it hasn’t offered any real peace
of mind about the security of your corporate data, either.
Yes, it has allowed you to configure devices, but it does
nothing to prevent data leakage or control inappropriate
usage of corporate data.
THE BYOD REVOLUTION
[Figure: Typical CIO reaction to BYOD through the years, 2005 to 2013: “Here’s your BlackBerry.” / “No iPhones allowed.” / “We surrender! Use what you like!” / “Did we actually secure our data?” Source: http://www.google.com/trends/explore#q=BYOD]
DATA = $$$
Think about it: Why do we concern ourselves with securing the devices
that connect to our networks? Is it because the devices have some intrinsic
value? Definitely not. Your CFO wouldn’t lose sleep over the extrinsic value of
devices, even if they were company-owned.
Is it the applications we’re worried about, then? Of course not. Even
enterprise-grade mobile apps run in the $10 range at most, and application
licensing agreements likely cover apps on lost or stolen devices.
Clearly the data on these devices represents orders of magnitude more value
than even a high-end tablet loaded with hundreds of costly apps. Whether
it’s information that helps you forecast, make business decisions or drive
efficiencies – or about the intrinsic value of customer or employee data –
corporate information is almost impossible to put a price tag on.
We witness on an almost weekly basis the cost of losing control of that data.
Recently, Target, Neiman Marcus, and Coca-Cola made headlines for data
breaches. Who knows who’s next? From government agencies to international
banking conglomerates, no organization, it seems, is safe. Each time an
employee walks through the door with an iPhone and connects it to your
network – or walks out the door with a company laptop, or connects in any
way to a business cloud application – your company’s credibility, reputation,
and competitive advantages are on the line.
Data on Devices
There’s no end in sight to the explosion of devices and data. Gartner predicts
that by 2017, most large companies will require BYOD, offering to subsidize
service plans instead of providing company smartphones, tablets, or even
PCs. In the future workplace, BYOD policies must expand to include an
increasing variety of device form factors and operating systems. Your next
BYOD program may include Windows and Mac laptops. The one after that
– as the Internet of Things connects buildings, data centers and cars – may
need to include the break room refrigerator as well as employee shoes and
automobiles.
MORE EMPLOYEES, MORE DEVICES
Analysts predict that by 2020, over 30 billion connected devices
will be in use, compared to just 2.5 billion in 2009.
- 2013 Gartner report
Data in the Cloud
It’s impossible to talk about BYOD without talking about cloud applications.
Not only do smartphones and tablets contain hundreds of apps, but your
organization probably also uses cloud applications that those devices can
access.
The 2014 Bitglass Cloud Adoption Report confirms the viability of the business
cloud. By analyzing the publicly available, real-world traffic data of 81,253
companies, we found that 24 percent had already implemented Google Apps
or Microsoft Office 365. Companies deploying those applications across
large portions of their organizations are most likely moving in the direction
of adopting the cloud as a strategic element of their business models. Their
employees are probably accessing email and work applications from their
mobile devices.
PLAN FOR A CLOUDY FUTURE
In a 2013 Gartner survey,
a whopping 80 percent of
enterprise IT organizations said
they planned to adopt cloud
applications by 2015.
- 2013 Gartner report
THE ELUSIVE SOLUTION: ARE WE OVER-THINKING THIS?
Many IT organizations approached the BYOD
security problem by trying to control devices
and apps via Mobile Device Management
(MDM) and Mobile Application Management
(MAM) solutions. It was a logical direction,
given traditional thinking about the network
perimeter: Build a wall around the entire
network, including all connected devices and
their applications, to keep the bad guys out and
the data corralled. Unfortunately, there are
several problems with this approach.
MDM ATTEMPTS TO LOCK ALL ACCESS INTO AND OUT OF THE DEVICE
MAM REPLACES CORPORATE APPS WITH RECOMPILED VERSIONS THAT INCLUDE SECURITY FEATURES.
• Employees give up control of their devices
• Limited protection against data leaks
• Requires special development for each app on each platform
• Runs into vendor licensing problems
• Mobile web and APIs are easy workarounds
3 PROBLEMS WITH MDM/MAM SOLUTIONS
Problem 1: It’s too complex.
A recent Network World blog post called
the market status of MDM deployments
“elementary and immature.” Why? The blog
cited ESG research determining that:
• 38% found MDM hard to integrate with other security technologies
• 35% had problems scaling to support a large number of users
• 29% had difficulty with implementation
It’s no surprise. Realistically, how will you
scale any MDM solution when people begin
scanning email through special eyeglasses
while they work out on a network-connected
Stairmaster in the company gym – wearing
network-connected running shoes?
Let’s face it: The budget for BYOD security
programs must remain in line with the benefits
that BYOD offers. In this economy, no CIO can
expect ballooning headcounts and budgets to
match an out-of-control BYOD program.
Problem 2: Can I get some privacy in here?
The line between work and personal life grows ever more blurry, thanks in
part to mobile devices that allow us to stay in touch with work from wherever
we happen to be. Your phone contains grocery lists, notes to yourself, and
your doctor’s phone number – as well as work email, contacts, and calendar.
You may use your phone’s browser to look up terminology in a client meeting,
but you probably use it just as often to manage your personal life.
Most CIOs see the blur of personal and work life as an unstoppable trend.
But most solutions in use today make no distinction between corporate and
personal data. If you’re routing and inspecting traffic from an iPhone, you’re
sweeping up personal emails along with company data logs. Most CIOs don’t
relish the Big Brother persona, but these solutions force it upon them.
To make matters worse, MDM solutions install software on employee-
owned devices that try to control what they can or cannot do with that device.
Ultimately, such heavy-handed solutions drive today’s employees toward
circumventing IT security policies and make your data less safe.
Problem 3: You can’t wrap the cloud.
Many MDM and MAM solutions work well if your company is developing its
own applications, but don’t extend so readily to those apps your employees
want to download from the app store, or even to third-party business cloud
apps. In many cases, cloud apps break when you try to “wrap” them with MAM
solutions. In other cases, wrapping breaks app vendor licensing agreements
or the vendors simply refuse to provide the binaries required to accomplish
such wrapping.
Real clouds don’t have edges, and the clouds we use to store and manipulate
data don’t either. They’re porous, full of networked API connections that lead
to places you may never think of, and they change constantly. The idea that
you could contain them in a manageable way is simply unrealistic.
“We’re finally reaching the point
where I.T. officially recognizes
what has always been going on:
People use their business device
for non-work purposes. They
often use a personal device in
business. Once you realize that,
you’ll understand your need
to protect data in another way
besides locking down the full
device.”
- David Willis
Vice President and Distinguished Analyst,
Gartner, Inc.
TODAY’S SOLUTION: FREE PEOPLE, SECURED DATA
To get to the good news in all this, you have to get past the old way of thinking
about your company’s network perimeter. While it used to make sense to
protect data by securing the devices and applications within that perimeter,
the reality is that you no longer own or manage the devices and applications,
but you still own your data. It’s more useful to think of “perimeter” in terms of
the smallest possible unit – that of the data itself.
Today’s emerging security technologies for cloud and mobile give IT
organizations more control, while also protecting employee privacy.
Persistent digital watermarking technology and data leakage prevention
make it possible to protect each piece of important data, rather than trying to
control an entire device or application. The advantages of this strategy offer a
revolution in the way today’s CIO can approach IT security.
BITGLASS PROTECTS AND
MONITORS ONLY THE
CORPORATE DATA.
• Device and app agnostic
• Leaves employee data alone
THE NEW BYOD
Time to Put the Knife Away
When you focus on what matters – sensitive
corporate data – answers to security
in today’s cloud- and mobile-enabled
workplace become clear and relatively
simple. So step out of that cramped and
bloody phone booth and into a world of
data you can control. Things are a lot more
relaxed – and a lot more secure – out here.
1. This strategy frees people to work productively.
Happy and productive employees are much more likely to abide by security
policies than those who are handcuffed to “containerized” mail clients or
apps that make their job less efficient and enjoyable. Let employees use the
applications and devices that help them to be productive, and offer them a
familiar, native experience they won’t think twice about following.
2. It simplifies mobile security.
By securing each piece of data, you take complexity out of the system along
with a mountain of policies, management tasks, and other headaches. You
also create a security strategy that is completely independent of device type
or third-party apps. Bonus!
3. It frees your organization to embrace new technology.
Yes, you will continue to face new technology hurdles. That’s life in the
modern age. It’s also how you stay competitive and become a leader in your
industry. Now your security team can help enable new apps and devices,
instead of looking at them with dread.
4. It minimizes costs.
Today, it’s possible – and advisable – to deploy a simple, effective security
solution with low overhead. Compare that to the ballooning costs of traditional
solutions, and it’s a no-brainer.
5. It respects employee privacy.
Security solutions that transport, handle, or even inspect personal employee
communications are bad for morale, bad for productivity, and often ineffective.
Now you can put the security focus squarely on corporate data, completely
ensuring personal employee privacy.
WHY BITGLASS?
BYOD and Cloud are unstoppable trends. The benefits
are huge, but you can lose control of your data.
Regain control with Bitglass.
SecureBYOD
• Secure corporate data without MDM or agents
• Prevent data leakage
• Track and manage sensitive data
• Supports all PC and mobile platforms
Learn more at www.bitglass.com
FOR I.T.: SECURE CLOUD AND MOBILE.
FOR EMPLOYEES: PRIVACY AND UNENCUMBERED MOBILITY.
SECURE BYOD IN MINUTES